Improvement And Application Of IPsec In Satellite IP Networks

Satellite IP networks as an extension of terrestrial IP networks, have become an important part of the information infrastructure. Because they directly host TCP/IP protocol stack on a satellite channel, so satellite IP networks inherit the high error rate, long transimission delay, asymmetric and broadcast properties of satellite channels. Its first three properties have a substantial impact on TCP performance, and the last one property brought satellite IP networks’ security issues.IPsec is the Internet security framework proposed by IETF, which provides a standard, reliable and scalable cryptographic-based security solution for IP layer. The detail services of IPsec include access control, data origin authentication, resistance to replay attacks, data integrity, and data confidentiality.Currently IPsec is the only security solution with ability of providing security sevices for any form of network communication.To overcome the low performanceof TCPin satellite IP networks, the industry put forward two types of TCP performance enhancement techniques: the end-to-end solutions and solution based on middleware. To some extent, while the former can improve the performance of TCP in satellite IP networks, but can’t eliminate the impact on TCP performance thoroughly from satellite channel; The latter which divides TCP connections into segments using performance enhanced gateways, can greatly improve the performance of TCP in satellite IP networks. To solve the security issues in satellite IP networks, the industry mainly puts forward multi-layer security protection scheme based on IPsec, or use the transport layer security mechanism instead of the IPsec security solution. However, TCP performance enhancement technique conflicts with the end-to-end characteristics of IPsec, the transport layer security mechanism has the limitations on using and inadequate performance. They are not effectively apply to the satellite IP networks.Therefore, in this paper, the current satellite IP networks technology, the IPsec technology and satellite IP networks security solutions has carried on the detailed study.Based on IPsec improvements, proposed a new security solution for satellite IP networks. First of all, based on the high error rate and long transimission delay of satelliteIP networks, we design a new set of key agreement protocol based on public key system. Then, to adapt to the TCP performance enhancement techniquewithout reducing transmission efficiencyas much as possible, the encapsulation mode and scope of IPsec is improved design; Finally, in order to further improve the transmission efficiency of satellite IP networks, we introduced the PMTU discovery technology and IPComp technology, and the improved IPsec encapsulation mode has carried on the adaptability of improvement.Based on the above research and design, this paper develops a prototype of IPsec security gateway forsatellite IP networks, and also validates the main functions and performance through various experiments.